9/15/2016 REAL World: Fraud and Internal Controls 2016 MASBO Fall Conference – September 15 1: 15 – 2: 15 pm Earl P . Burke, MBA, CSBA Assist ant Superint endent for Business Services & Operat ions Chief Financial Officer Cautionary Tale Pulled From REAL Life… 2 Fraud Information In 1996, Dr. Joseph T. Wells, CFE, CPA, founder and Chairman of the Association of Certified Fraud Examiners, directed the publication of the first Report to the Nation on Occupational Fraud and Abuse. The study analyzed actual case information provided by Certified Fraud Examiners, the report presented statistical data on the cost of occupational fraud, the perpetrators, the victims, and the various methods used to commit these crimes. This was the first study of its kind, and the findings in the 1996 report serve as the foundation for much of what is known about how occupational fraud and abuse affects organizations. 3 1
9/15/2016 Fraud Statistics Source: REPORT TO THE NATI ONS ON OCCUPATI ONAL FRAUD AND ABUSE 5% of revenues lost to Nearly one in four $652 billion annually Median loss $159,000 employee fraud & caused losses in excess abuse, annually of $1 Million Median loss from fraud Median loss from fraud Men cause losses more Men perpetrate 61% of by employees making by employees making than twice those fraud $50,000/ year or less is $500,000/ year or more caused by women $75,000 is $8 Million Perpetrators with post- Multiple perpetrators graduate degrees cause cause median losses of Median losses caused Median losses caused losses more than twice $485,000; nearly five by those 25 or younger by those over 60 are those of perpetrators times higher than are $25,000 $713,000 with only perpetrators acting undergraduate degrees alone Fraud Statistics Source: REPORT TO THE NATI ONS ON OCCUPATI ONAL FRAUD AND ABUSE Government victims The median loss suffered by small Whistleblowers were Organizations of different sizes organizations (those with fewer tend to have different fraud risks. most likely to report Federal ($194,000) than 100 employees) was the Corruption was more prevalent in same as that incurred by the fraud to their direct larger organizations, while check State ($100,000) largest organizations (those with tampering, skimming, payroll, and supervisors (20.6% of more than 10,000 employees). cash larceny schemes were twice Local ($80,000) However, this type of loss is likely cases) or company as common in small organizations to have a much greater impact on as in larger organizations. executives (18% ). smaller organizations. Billing schemes and Largest - Asset Lowest - Financial Corruption cases, check tampering misappropriation, 83% statement fraud 35.4% schemes posed greatest risk based on smallest average loss, > 10% Average loss, Average loss, their relative frequency $125,000. $975,000. $200,000. and median loss. The most common Most prom inent In 94.5% of the cases, Most common detection concealment methods weakness cited was a perpetrator took some method was tips were creating and lack of internal controls efforts to conceal the hotlines (39.1% of altering physical & override of existing fraud. cases). documents. internal controls. 4 Why Fraud Happens Immediate Need Opportunity Ability to Rationalize Fraud 2
9/15/2016 Immediate Need Living Drugs, Un-sharable beyond Romantic Financial alcohol, Problem one’s involvement emergency gambling means Opportunity Trust • Lax oversight W eak • Pow er to I nternal override Controls controls Stop Me When You Think We Have A Problem Posts G/ L Makes bank Receives deposits cash Same Person Receives and approves vendor invoices Writes checks 3
9/15/2016 “Ability to Rationalize” “The rules don’t apply “It’s just a to me” loan, I’ll pay it back” “The company owes me” “Everybody else is doing it” How Fraud Happens Asset Misappropriation 92% Corruption – Bribery, Kick-backs, illegal gratuities, conflicts of interest 31% Fraudulent Statements 11% School Bookkeeper embezzles … 12 4
9/15/2016 What Happened? Stole $81,000; possibly $100,000 more Delayed Audits Cash receipts Caught in routine audit Headmaster embezzles… 14 What Happened? Stole between $25,000 to $58,000 Accepted cash receipts Controlled Deposits Controlled mail Overrode internal controls 5
9/15/2016 Golden High School financial secretary charged embezzlement 16 What Happened? Stole $156,000 in cash from school events (Homecoming, Prom and other school activities) Arrested on unrelated charges Revealed by auditors Falsified reports Lied to Auditors Lack of transparency A Wake Up call… 18 6
9/15/2016 What Happened? Stole more than $3.5 million over 7 years 500 checks written to herself and family Delayed audits In charge of controls How it was concealed? Fraudulent journal entries Altered bank deposits Altered credit card statements Bank reconciliations • Manipulated outstanding checks • Altered bank statements Internal Controls… What’s That? (DIAB) 21 Systems of policies and procedure designed to prevent fraud, Audit Standards waste and misappropriation. Statement on Auditing Standards 112 (SAS 112) Protect the assets of an organization. Audit Requirement – auditor to gather more evidential Create reliable financial reporting. documentation on internal control deficiencies and include additional findings in Promote compliance with laws and regulations. annual audit report. Effective December 2006 for Non-Profits in The work is subdivided so that no single employee performs a the wake of Sarbanes- complete cycle of operations. (Separation of Duties) Oxley Act. Achieve effective and efficient operations. 7
9/15/2016 Who is responsible? 22 School districts that seek excellence in their financial management and operations must establish and While everyone in the school is maintain a strong internal control responsible for the internal controls, system that is effectively the board of education and the communicated to all. administration are ultimately • Principals & Teachers responsible. • Support Administrators and their departments • Vendors & Subcontractors • Volunteers Why do you need good internal controls? Fraud, abuse, theft and misappropriations of funds can come from a variety of perpetrators including but not limited to employees, officers, volunteers and vendors. 23 Why do you need good internal controls? Despite an increase in focus on internal controls over the past few years, a survey by KPMG still found poor internal control procedures to be the top factor behind corporate fraud. The KPMG survey, which poled 138 high- level executives, found 42 percent of respondents identified unsatisfactory controls. Other factors included employee/ third- party collusion (35% ) and management overruling of internal controls (25% ). Source: Pennsylvania CPA Journal, Spring 2008 24 8
9/15/2016 What is the risk of poor internal controls? Risk assessment is identification and analysis of relevant risks to organizational objectives, for the purpose of determining how those risks should be managed. Assessment begins determination objectives, followed by identification of obstacles that could prevent objectives from being attained. In other words, it's an analysis of what could go wrong. Not all risks are equal. Some are more likely than others to occur, and some will have a greater impact if they occur. Once risks are identified, their probability and significance must be assessed. Finally, having identified and assessed risk, management must decide how to deal with it. 25 Internal Control Elements Control environment The starting point Continuing Control related assessment of policies and to assess risks is to risk procedures examine current internal control structure and its effectiveness by insuring controls encompass … I nformation Monitoring and communication 26 Internal Control Elements • S et the correct environmental tone by communicating belief in and importance to employees at all levels. 1 . Control Environm ent • Develop a comprehensive listing of financial policies and procedures to: • Ensure ongoing fiscal stability. • Improve the organization’s processes. • Serve as a key element of sound fiscal administration. • Provide guidance and be decision points for staff. 2 . Control • Identify acceptable and unacceptable courses of action in which departments (and Related Policies for that matter governments) can operate. and Procedures • Allow for consistency despite board/ staff turnover. 27 9
Recommend
More recommend